Swrve allows for a session token that is a hash of your API key in the calls you make. All API calls to <app_id>.api.swrve.com are authenticated using a session token of the form app_id=user_id=timestamp=md5hash. Note that API calls to abtest.swrve.com/api/1 do not use a session token, but instead simply use the API key. The fields in a session token are as follows:

app_id: The ID assigned to your app by Swrve.

user_id: The unique ID used to track the user in Swrve.

timestamp: The time the user’s current session began, represented as seconds since the epoch. A session token cannot be used for more than 48 hours.

md5hash: This is an md5 hash of the string formed by concatenating the user_id, timestamp, and api_key.

The session token is only required for batch API calls. Every other API call has the option of using the session token or the api_key and user parameters. The iOS and Unity SDKs automatically create a session token for you based on the api_key, app_id and user_id you supply.